From 21f2c3a58aa601a55ba9358e699aef2f9e2adb7e Mon Sep 17 00:00:00 2001 From: xuziyi Date: Tue, 27 Feb 2024 14:11:40 +0800 Subject: [PATCH] =?UTF-8?q?refine=20cluster=20image(objectstorage-controll?= =?UTF-8?q?er=E3=80=81minio-service)=20(#4512)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * refine cluster image(objectstorage-controller、minio-service) * fix * fix env * fix * add env cloudDomain and use sed * add copy entrypoint.sh * fix ingress port number error * fix env error * add app cr * update images * add cloudPort * remove cors config of ingress * fix cloudPort env error --- .github/workflows/frontend.yml | 2 +- controllers/objectstorage/deploy/Kubefile | 8 +- .../{deploy.yaml => deploy.yaml.tmpl} | 28 +-- .../providers/objectstorage/deploy/Kubefile | 9 +- .../deploy/manifests/appcr.yaml.tmpl | 21 --- .../deploy/manifests/deploy.yaml.tmpl | 169 +++++++++++------- .../deploy/manifests/ingress.yaml.tmpl | 51 ------ service/minio/deploy/Kubefile | 5 +- service/minio/deploy/entrypoint.sh | 20 +++ service/minio/deploy/manifests/deploy.yaml | 88 --------- .../minio/deploy/manifests/deploy.yaml.tmpl | 156 ++++++++++++++++ 11 files changed, 296 insertions(+), 261 deletions(-) rename controllers/objectstorage/deploy/manifests/{deploy.yaml => deploy.yaml.tmpl} (94%) delete mode 100644 frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl delete mode 100644 frontend/providers/objectstorage/deploy/manifests/ingress.yaml.tmpl create mode 100644 service/minio/deploy/entrypoint.sh delete mode 100644 service/minio/deploy/manifests/deploy.yaml create mode 100644 service/minio/deploy/manifests/deploy.yaml.tmpl diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index 4ccd482e7ec..8c1053db044 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml 
@@ -160,7 +160,7 @@ jobs: providers/terminal, providers/dbprovider, providers/costcenter, - # providers/objectstorage, + providers/objectstorage, desktop, ] steps: diff --git a/controllers/objectstorage/deploy/Kubefile b/controllers/objectstorage/deploy/Kubefile index 284718960fa..464a5912810 100644 --- a/controllers/objectstorage/deploy/Kubefile +++ b/controllers/objectstorage/deploy/Kubefile @@ -5,9 +5,7 @@ USER 65532:65532 COPY registry registry COPY manifests manifests -ENV DEFAULT_NAMESPACE objectstorage-system -ENV OSAdminSecret="" -ENV OSInternalEndpoint="" -ENV OSExternalEndpoint="" +ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"} +ENV cloudPort=${cloudPort:-"443"} -CMD ["kubectl apply -f manifests/deploy.yaml -n $DEFAULT_NAMESPACE"] +CMD ["kubectl apply -f manifests/deploy.yaml"] diff --git a/controllers/objectstorage/deploy/manifests/deploy.yaml b/controllers/objectstorage/deploy/manifests/deploy.yaml.tmpl similarity index 94% rename from controllers/objectstorage/deploy/manifests/deploy.yaml rename to controllers/objectstorage/deploy/manifests/deploy.yaml.tmpl index ee286d82233..e9503c51545 100644 --- a/controllers/objectstorage/deploy/manifests/deploy.yaml +++ b/controllers/objectstorage/deploy/manifests/deploy.yaml.tmpl @@ -1,17 +1,3 @@ -# Copyright © 2023 sealos. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - apiVersion: v1 kind: Namespace metadata: 
@@ -491,14 +477,14 @@ spec: - name: OSNamespace value: objectstorage-system - name: OSAdminSecret - value: '{{ .OSAdminSecret }}' + value: object-storage-user-0 - name: OSInternalEndpoint - value: '{{ .OSInternalEndpoint }}' + value: object-storage.objectstorage-system.svc.cluster.local - name: OSExternalEndpoint - value: '{{ .OSExternalEndpoint }}' + value: objectstorageapi.{{ .cloudDomain }} - name: OSUDetectionCycleSeconds value: "300" - - name: OSBDetectionCycleSeconds + - name: MinioBucketDetectionCycleSeconds value: "300" image: ghcr.io/labring/sealos-objectstorage-controller:latest imagePullPolicy: Always @@ -520,8 +506,8 @@ spec: cpu: 500m memory: 512Mi requests: - cpu: 250m - memory: 256Mi + cpu: 5m + memory: 64Mi securityContext: allowPrivilegeEscalation: false capabilities: @@ -531,4 +517,4 @@ spec: securityContext: runAsNonRoot: true serviceAccountName: objectstorage-controller-manager - terminationGracePeriodSeconds: 10 + terminationGracePeriodSeconds: 10 \ No newline at end of file diff --git a/frontend/providers/objectstorage/deploy/Kubefile b/frontend/providers/objectstorage/deploy/Kubefile index 9c6af5ae51c..464a5912810 100644 --- a/frontend/providers/objectstorage/deploy/Kubefile +++ b/frontend/providers/objectstorage/deploy/Kubefile @@ -5,10 +5,7 @@ USER 65532:65532 COPY registry registry COPY manifests manifests -ENV certSecretName="wildcard-cert" -ENV cloudDomain="127.0.0.1.nip.io" -ENV cloudPort="" -ENV transferEnabled="true" -ENV rechargeEnabled="true" +ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"} +ENV cloudPort=${cloudPort:-"443"} -CMD ["kubectl apply -f manifests"] +CMD ["kubectl apply -f manifests/deploy.yaml"] diff --git a/frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl b/frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl deleted file mode 100644 index 9db827b0308..00000000000 --- a/frontend/providers/objectstorage/deploy/manifests/appcr.yaml.tmpl +++ /dev/null 
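Review bot: The `"443"` default on `ENV cloudPort` in the frontend Kubefile is the only thing keeping the App URL valid, because the frontend deploy.yaml.tmpl in this same patch renders `:{{ .cloudPort }}` unconditionally. An install that overrides `cloudPort` to an empty value (the previous default in this file) would produce `https://objectstorage.<domain>:`. The deleted appcr.yaml.tmpl guarded against that, and I would keep the guard in the template: `url: "https://objectstorage.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}"`, and the same for `icon`. Dropping `certSecretName` also pins the Ingress TLS secret to `wildcard-cert`; if that is intentional, a comment in the Kubefile saying so would help operators who used a different secret name.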
@@ -1,21 +0,0 @@ -apiVersion: app.sealos.io/v1 -kind: App -metadata: - name: Object Storage - namespace: app-system -spec: - data: - desc: sealos cloud object storage - url: "https://objectstorage.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}" - icon: "https://objectstorage.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}/logo.svg" - i18n: - zh: - name: 对象存储 - zh-Hans: - name: 对象存储 - menuData: - helpDropDown: false - nameColor: text-black - name: Object Storage - type: iframe - displayType: normal diff --git a/frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl b/frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl index c8ba8047561..e4cae9b5706 100644 --- a/frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl +++ b/frontend/providers/objectstorage/deploy/manifests/deploy.yaml.tmpl 
@@ -1,81 +1,116 @@ apiVersion: v1 kind: Namespace metadata: - labels: - app: objectstorage - name: objectstorage ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: objectstorage-config - namespace: objectstorage -data: - config.yaml: |- - addr: :3000 + name: objectstorage-frontend --- apiVersion: apps/v1 kind: Deployment metadata: - name: objectstorage - namespace: objectstorage + name: object-storage-frontend + namespace: objectstorage-frontend + labels: + app: object-storage-frontend spec: - selector: - matchLabels: - app: objectstorage - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 25% - maxSurge: 25% - template: - metadata: - labels: - app: objectstorage - spec: - containers: - - name: objectstorage - env: - - name: MONITOR_URL - value: '{{ .MONITOR_URL }}' - resources: - limits: - cpu: 100m - memory: 1000Mi - requests: - cpu: 10m - memory: 128Mi - securityContext: - runAsNonRoot: true - runAsUser: 1001 - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" - # do not modify this image, it is used for CI/CD - image: ghcr.io/labring/sealos-objectstorage:latest - imagePullPolicy: Always - volumeMounts: - - name: objectstorage-volume - mountPath: /config.yaml - subPath: config.yaml - volumes: - - name: objectstorage-volume - configMap: - name: objectstorage-config + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + app: object-storage-frontend + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 0 + template: + metadata: + labels: + app: object-storage-frontend + spec: + containers: + - name: object-storage-frontend + image: ghcr.io/labring/sealos-objectstorage-frontend:latest + ports: + - containerPort: 3000 + protocol: TCP + env: + - name: MONITOR_URL + value: https://object-storage-monitor.{{ .cloudDomain }}/q + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 5m + memory: 64Mi + imagePullPolicy: Always + volumeMounts: [] + volumes: [] --- apiVersion: v1 
kind: Service metadata: - labels: - app: objectstorage + name: object-storage-frontend + namespace: objectstorage-frontend + labels: + app: object-storage-frontend +spec: + ports: + - port: 3000 + targetPort: 3000 + protocol: TCP + selector: + app: object-storage-frontend +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($request_uri ~* \.(js|css|gif|jpe?g|png)) { + expires 30d; + add_header Cache-Control "public"; + } + nginx.ingress.kubernetes.io/proxy-body-size: 3g + nginx.ingress.kubernetes.io/proxy-next-upstream-timeout: '180' + nginx.ingress.kubernetes.io/proxy-send-timeout: '180' + name: object-storage-frontend + namespace: objectstorage-frontend +spec: + rules: + - host: objectstorage.{{ .cloudDomain }} + http: + paths: + - backend: + service: + name: object-storage-frontend + port: + number: 3000 + path: / + pathType: Prefix + tls: + - hosts: + - objectstorage.{{ .cloudDomain }} + secretName: wildcard-cert +--- +apiVersion: app.sealos.io/v1 +kind: App +metadata: name: objectstorage - namespace: objectstorage + namespace: app-system spec: - ports: - - name: http - port: 3000 - protocol: TCP - targetPort: 3000 - selector: - app: objectstorage + data: + desc: object storage + url: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }} + displayType: normal + i18n: + zh: + name: 对象存储 + zh-Hans: + name: 对象存储 + icon: https://objectstorage.{{ .cloudDomain }}:{{ .cloudPort }}/logo.svg + menuData: + helpDropDown: false + nameColor: text-black + name: Object Storage + type: iframe \ No newline at end of file diff --git a/frontend/providers/objectstorage/deploy/manifests/ingress.yaml.tmpl b/frontend/providers/objectstorage/deploy/manifests/ingress.yaml.tmpl deleted file mode 100644 index 7e76bbb4882..00000000000 --- a/frontend/providers/objectstorage/deploy/manifests/ingress.yaml.tmpl +++ /dev/null 
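Review bot: The rewritten Deployment drops the container `securityContext` that the previous manifest carried (`runAsNonRoot: true`, `runAsUser: 1001`, `allowPrivilegeEscalation: false`, `capabilities.drop: ALL`), so the `object-storage-frontend` container now runs with whatever user and capabilities the image defaults to. Nothing visible in the hunk suggests the new image needs more privilege, so I would restore the block under the container, after confirming that uid 1001 still matches the new image. The new Ingress in this hunk also no longer sets the Content-Security-Policy and frame-ancestors headers that the deleted ingress.yaml.tmpl applied. Since the App CR still declares `type: iframe`, it is worth confirming that framing policy is now enforced somewhere else.

```yaml
        - name: object-storage-frontend
          image: ghcr.io/labring/sealos-objectstorage-frontend:latest
          # … unchanged: ports, env, resources, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            runAsUser: 1001
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - "ALL"
```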
@@ -1,51 +0,0 @@ -# Copyright © 2023 sealos. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/enable-cors: "true" - nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, DELETE, PATCH, OPTIONS" - nginx.ingress.kubernetes.io/cors-allow-origin: "https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}, https://*.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}" - nginx.ingress.kubernetes.io/cors-allow-credentials: "true" - nginx.ingress.kubernetes.io/cors-max-age: "600" - nginx.ingress.kubernetes.io/backend-protocol: "HTTP" - nginx.ingress.kubernetes.io/configuration-snippet: | - more_clear_headers "X-Frame-Options:"; - more_set_headers "Content-Security-Policy: default-src * blob: data: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; img-src * data: blob: resource: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ 
.cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource: *.baidu.com *.bdstatic.com https://js.stripe.com; frame-src 'self' *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} mailto: tel: weixin: mtt: *.baidu.com https://js.stripe.com; frame-ancestors 'self' https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} https://*.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}"; - more_set_headers "X-Xss-Protection: 1; mode=block"; - higress.io/response-header-control-remove: X-Frame-Options - higress.io/response-header-control-update: | - Content-Security-Policy "default-src * blob: data: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; img-src * data: blob: resource: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} resource: *.baidu.com *.bdstatic.com https://js.stripe.com; frame-src 'self' *.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} {{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} mailto: tel: weixin: mtt: *.baidu.com https://js.stripe.com; frame-ancestors 'self' https://{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }} https://*.{{ .cloudDomain }}{{ if .cloudPort }}:{{ .cloudPort }}{{ end }}" - X-Xss-Protection "1; mode=block" - name: sealos-objectstorage - namespace: objectstorage -spec: - rules: - - host: 
objectstorage.{{ .cloudDomain }} - http: - paths: - - pathType: Prefix - path: / - backend: - service: - name: objectstorage - port: - number: 3000 - tls: - - hosts: - - objectstorage.{{ .cloudDomain }} - secretName: {{ .certSecretName }} diff --git a/service/minio/deploy/Kubefile b/service/minio/deploy/Kubefile index 035ec02f5a0..1c45400aa26 100644 --- a/service/minio/deploy/Kubefile +++ b/service/minio/deploy/Kubefile @@ -1,5 +1,8 @@ FROM scratch COPY registry registry COPY manifests manifests +COPY entrypoint.sh entrypoint.sh -CMD ["kubectl apply -f manifests/deploy.yaml"] \ No newline at end of file +ENV cloudDomain=${cloudDomain:-"127.0.0.1.nip.io"} + +CMD ["bash entrypoint.sh"] \ No newline at end of file diff --git a/service/minio/deploy/entrypoint.sh b/service/minio/deploy/entrypoint.sh new file mode 100644 index 00000000000..ffd0ea2b814 --- /dev/null +++ b/service/minio/deploy/entrypoint.sh 
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -e
+
+MINIO_CONFIG_ENV=$(kubectl -n objectstorage-system get secret object-storage-env-configuration -o jsonpath="{.data.config\.env}" | base64 --decode)
+MINIO_ROOT_USER=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_USER=' | cut -d '=' -f 2); MINIO_ROOT_USER=${MINIO_ROOT_USER//\"}
+MINIO_ROOT_PASSWORD=$(echo "$MINIO_CONFIG_ENV" | tr ' ' '\n' | grep '^MINIO_ROOT_PASSWORD=' | cut -d '=' -f 2); MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD//\"}
+
+SYMMETRIC_KEY=$MINIO_ROOT_PASSWORD; HEADER='{"alg":"HS256","typ":"JWT"}'; PAYLOAD='{"exp":4833872336,"iss":"prometheus","sub":"'"$MINIO_ROOT_USER"'"}'
+
+BASE64_HEADER=$(echo -n "$HEADER" | base64 | tr -d '\n=' | tr '/+' '_-'); BASE64_PAYLOAD=$(echo -n "$PAYLOAD" | base64 | tr -d '\n=' | tr '/+' '_-')
+
+BASE64_SIGNATURE=$(echo -n "$BASE64_HEADER.$BASE64_PAYLOAD" | openssl dgst -binary -sha256 -hmac "$SYMMETRIC_KEY" | base64 | tr -d '\n=' | tr '/+' '_-')
+
+TOKEN="$BASE64_HEADER.$BASE64_PAYLOAD.$BASE64_SIGNATURE"
+
+BASE64_TOKEN=$(echo -n "$TOKEN" | base64 -w 0)
+
+sed -i 's/{BASE64_TOKEN}/'${BASE64_TOKEN}'/g' manifests/deploy.yaml
+
+kubectl apply -f manifests/deploy.yaml
\ No newline at end of file
diff --git a/service/minio/deploy/manifests/deploy.yaml b/service/minio/deploy/manifests/deploy.yaml
deleted file mode 100644
index ee6c656c288..00000000000
--- a/service/minio/deploy/manifests/deploy.yaml
+++ /dev/null
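Review bot: `set -e` alone does not stop entrypoint.sh when `kubectl get secret` fails, because each value is read through a pipeline inside `$(...)` and only the last command's status counts; the script would then sign a token with an empty key and apply it to the cluster. I would use `set -euo pipefail` and exit with an error if `MINIO_ROOT_USER` or `MINIO_ROOT_PASSWORD` is empty after parsing. `cut -d '=' -f 2` also truncates a password that contains `=`, and `tr ' ' '\n'` splits one that contains a space; `cut -d '=' -f 2-` fixes the first of these. The JWT is signed with the root password and carries a fixed `exp` of 4833872336, so it stays valid until the root credential changes; a comment stating that would help whoever rotates the credential.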
@@ -1,88 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - labels: - app: object-storage-monitor - name: object-storage-monitor-config - namespace: objectstorage-system -data: - config.yml: | - server: - addr: ":9090" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: object-storage-monitor - name: object-storage-monitor - namespace: sealos -spec: - replicas: 1 - selector: - matchLabels: - app: object-storage-monitor - strategy: - type: Recreate - template: - metadata: - labels: - app: object-storage-monitor - spec: - containers: - - args: - - /config/config.yml - command: - - /manager - env: - - name: PROMETHEUS_SERVICE_HOST - value: http://prometheus-object-storage.objectstorage-system.svc.cluster.local:9090 - - name: OBJECT_STORAGE_INSTANCE - value: object-storage.objectstorage-system.svc.cluster.local:80 - image: ghcr.io/labring/sealos-minio-service:latest - imagePullPolicy: Always - name: object-storage-monitor - ports: - - containerPort: 9090 - protocol: TCP - resources: - limits: - cpu: 500m - memory: 1024Mi - requests: - cpu: 5m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - runAsNonRoot: true - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - mountPath: /config - name: config-vol - dnsPolicy: ClusterFirst - restartPolicy: Always - volumes: - - configMap: - defaultMode: 420 - name: object-storage-monitor-config - name: config-vol ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: object-storage-monitor - name: object-storage-monitor - namespace: objectstorage-system -spec: - ports: - - name: http - port: 9090 - protocol: TCP - targetPort: 9090 - selector: - app: object-storage-monitor diff --git a/service/minio/deploy/manifests/deploy.yaml.tmpl b/service/minio/deploy/manifests/deploy.yaml.tmpl new file mode 100644 index 00000000000..c82deced060 --- /dev/null +++ b/service/minio/deploy/manifests/deploy.yaml.tmpl 
@@ -0,0 +1,156 @@ +apiVersion: monitoring.coreos.com/v1 +kind: Probe +metadata: + labels: + namespace: objectstorage-system + release: prometheus + name: object-storage + namespace: objectstorage-system +spec: + jobName: object-storage-job + bearerTokenSecret: + name: object-storage-probe + key: token + prober: + path: /minio/v2/metrics/bucket + scheme: http + url: object-storage.objectstorage-system.svc.cluster.local:80 + targets: + staticConfig: + static: + - object-storage.objectstorage-system.svc.cluster.local:80 +--- +apiVersion: v1 +kind: Secret +metadata: + name: object-storage-probe + namespace: objectstorage-system +data: + token: >- + {BASE64_TOKEN} +type: Opaque +--- +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app: object-storage-monitor + name: object-storage-monitor-config + namespace: objectstorage-system +data: + config.yml: | + server: + addr: ":9090" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: object-storage-monitor + name: object-storage-monitor-deployment + namespace: objectstorage-system +spec: + replicas: 1 + selector: + matchLabels: + app: object-storage-monitor + strategy: + type: Recreate + template: + metadata: + labels: + app: object-storage-monitor + spec: + containers: + - args: + - /config/config.yml + command: + - /manager + env: + - name: OBJECT_STORAGE_INSTANCE + value: object-storage.objectstorage-system.svc.cluster.local:80 + - name: PROMETHEUS_SERVICE_HOST + value: http://prometheus-object-storage.objectstorage-system.svc.cluster.local:9090 + image: ghcr.io/labring/sealos-minio-service:latest + imagePullPolicy: Always + name: object-storage-monitor + ports: + - containerPort: 9090 + protocol: TCP + resources: + requests: + cpu: 1m + memory: 500M + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /config + name: config-vol + 
dnsPolicy: ClusterFirst + restartPolicy: Always + volumes: + - configMap: + defaultMode: 420 + name: object-storage-monitor-config + name: config-vol +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: object-storage-monitor + name: object-storage-monitor + namespace: objectstorage-system +spec: + ports: + - name: http + port: 9090 + protocol: TCP + targetPort: 9090 + selector: + app: object-storage-monitor +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: object-storage-monitor + namespace: objectstorage-system + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/client-body-buffer-size: 64k + nginx.ingress.kubernetes.io/configuration-snippet: | + if ($request_uri ~* \.(js|css|gif|jpe?g|png)) { + expires 30d; + add_header Cache-Control "public"; + } + nginx.ingress.kubernetes.io/proxy-body-size: 1g + nginx.ingress.kubernetes.io/proxy-buffer-size: 64k + nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/server-snippet: | + client_header_buffer_size 64k; + large_client_header_buffers 4 128k; + nginx.ingress.kubernetes.io/ssl-redirect: 'false' + nginx.ingress.kubernetes.io/use-regex: 'true' +spec: + tls: + - hosts: + - object-storage-monitor.{{ .cloudDomain }} + secretName: wildcard-cert + rules: + - host: object-storage-monitor.{{ .cloudDomain }} + http: + paths: + - path: /()(.*) + pathType: Prefix + backend: + service: + name: object-storage-monitor + port: + number: 9090 \ No newline at end of file
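Review bot: The new Ingress publishes `object-storage-monitor` on `object-storage-monitor.{{ .cloudDomain }}` with `nginx.ingress.kubernetes.io/ssl-redirect: 'false'` and no auth annotation, so the monitor's query endpoint is reachable over plain HTTP from outside the cluster. Whether the service authenticates callers itself is not visible in this patch; if it relies on a credential sent in the request, that credential would travel unencrypted. I would drop the override or set `nginx.ingress.kubernetes.io/ssl-redirect: 'true'`, and add a comment on the Ingress naming what authenticates requests. The Deployment also lost the `limits` block the deleted manifest had (`cpu: 500m`, `memory: 1024Mi`), which leaves the container's CPU and memory unbounded.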